package com.sophos.jsceplib;

import android.content.Context;
import android.content.res.Configuration;
import android.content.res.Resources;
import android.os.Build;
import java.io.IOException;
import java.math.BigInteger;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Locale;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DERPrintableString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.eac.CertificateHolderAuthorization;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.jscep.client.ClientException;
import org.jscep.client.d;
import org.jscep.transaction.TransactionException;

/* loaded from: classes.dex */
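/**
 * SCEP enrollment helper (decompiled source; class, field and method names are obfuscated).
 *
 * <p>Typical flow as far as this file shows: {@link #c()} creates the jscep client for the
 * configured URL, then {@link #d(String)} generates an RSA key pair, builds a PKCS#10 request
 * carrying the challenge password, submits it, and hands the issued certificate store plus the
 * private key to the sibling class {@code c} in this package.
 *
 * <p>Not thread-safe: enrollment temporarily changes the process-wide default locale on
 * API level 23 and below, and the static holder {@code n} is unsynchronized.
 */
public class b {
    // Static holder exposed through f()/h(); what type `a` represents is not visible here.
    private static a n;

    // jscep client; stays null until c() has been called.
    private org.jscep.client.b f10159a;

    // SCEP server URL, parsed with java.net.URL in c().
    private final String f10160b;

    // Value placed in the CN component of the request subject.
    private final String f10161c;

    // Value placed in the O component of the request subject.
    private final String f10162d;

    // Passed through to the sibling class `c` in d(); its meaning is not visible in this file.
    private final String f10163e;

    // Android context, used for the locale switch in j() and handed to the sibling class `c`.
    private final Context f10164f;

    // Last argument of the jscep enrollment call; never assigned in this file, so always null here.
    private String f10165g = null;

    // Optional subjectAltName inputs. No code in this file assigns them, so as shown they stay null
    // and no SAN extension is requested.
    private String f10166h = null; // principal name (otherName, OID 1.3.6.1.4.1.311.20.2.3)
    private String f10167i = null; // DNS name
    private String j = null;       // RFC 822 (e-mail) name
    private String k = null;       // URI

    // Requested key usage bits; 0 means "do not request any". The decompiler rendered this default
    // as CertificateHolderAuthorization.CVCA (0xC0), which is the same number as the two KeyUsage
    // flags below; the KeyUsage names are what the value is actually used for in e().
    private int l = KeyUsage.digitalSignature | KeyUsage.nonRepudiation;

    // RSA modulus size in bits used by g().
    private int m = 2048;

    /**
     * @param context Android context (used for locale handling and passed on after enrollment)
     * @param str     SCEP server URL
     * @param str2    subject common name (CN)
     * @param str3    subject organization (O)
     * @param str4    opaque value forwarded to the sibling class {@code c}
     */
    public b(Context context, String str, String str2, String str3, String str4) {
        this.f10160b = str;
        this.f10161c = str2;
        this.f10162d = str3;
        this.f10164f = context;
        this.f10163e = str4;
    }

    /**
     * Adds a critical subjectAltName extension request to the CSR when at least one of the
     * optional SAN fields is set.
     *
     * <p>Best effort: any failure is logged and the CSR is sent without a SAN.
     * NOTE(review): a certificate issued without the intended SAN may be unusable or may match
     * differently than expected; confirm that silently continuing is the desired behavior.
     * NOTE(review): the SAN values (which can include an e-mail address or principal name) are
     * written to the trace log; confirm that log is not readable outside the app.
     */
    private void a(PKCS10CertificationRequestBuilder pKCS10CertificationRequestBuilder) throws IOException {
        ASN1EncodableVector generalNames = new ASN1EncodableVector();
        try {
            if (this.f10166h != null && this.f10166h.length() > 0) {
                com.sophos.smsec.core.smsectrace.c.e("SCEP", "add PrincipalName : " + this.f10166h);
                // otherName ::= [0] IMPLICIT SEQUENCE { type-id OID, value [0] EXPLICIT UTF8String }
                ASN1EncodableVector otherName = new ASN1EncodableVector();
                otherName.add(new ASN1ObjectIdentifier("1.3.6.1.4.1.311.20.2.3"));
                otherName.add(new DERTaggedObject(true, 0, new DERUTF8String(this.f10166h)));
                generalNames.add(new DERTaggedObject(false, 0, new DERSequence(otherName)));
            }
            if (this.f10167i != null && this.f10167i.length() > 0) {
                com.sophos.smsec.core.smsectrace.c.e("SCEP", "add DnsName : " + this.f10167i);
                generalNames.add(new GeneralName(GeneralName.dNSName, new DERIA5String(this.f10167i)));
            }
            if (this.j != null && this.j.length() > 0) {
                com.sophos.smsec.core.smsectrace.c.e("SCEP", "add Rfc822Name : " + this.j);
                generalNames.add(new GeneralName(GeneralName.rfc822Name, new DERIA5String(this.j)));
            }
            if (this.k != null && this.k.length() > 0) {
                com.sophos.smsec.core.smsectrace.c.e("SCEP", "add UniformResourceIdentifier : " + this.k);
                generalNames.add(new GeneralName(GeneralName.uniformResourceIdentifier, new DERIA5String(this.k)));
            }
            if (generalNames.size() > 0) {
                ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
                extensionsGenerator.addExtension(Extension.subjectAlternativeName, true, (ASN1Encodable) new DERSequence(generalNames));
                pKCS10CertificationRequestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate());
            }
        } catch (Exception e2) {
            com.sophos.smsec.core.smsectrace.c.j("SCEP", "cannot add SubjectAltName.", e2);
        }
    }

    /**
     * Builds the PKCS#10 request for {@code str2} and submits it through the jscep client.
     *
     * <p>The default locale is switched to English for the duration of the call (only effective
     * on API level 23 and below, see {@link #j(Locale)}) and is now restored in a {@code finally}
     * block, so a failed enrollment no longer leaves the whole app in the English locale.
     *
     * @param str     SCEP challenge password; it is embedded in the CSR and must never be logged
     * @param str2    subject distinguished name in string form
     * @param keyPair key pair whose public key is certified and whose private key signs the CSR
     * @return the jscep enrollment result
     * @throws ScepException wrapping any failure while building or submitting the request
     */
    private d e(String str, String str2, KeyPair keyPair) throws ScepException {
        final Locale previousLocale = Locale.getDefault();
        try {
            // presumably forces locale-independent formatting inside the certificate code on old
            // Android versions; confirm against the original change history
            j(Locale.ENGLISH);
            // Ephemeral self-signed certificate that identifies this client in the SCEP exchange.
            X509Certificate selfSigned = b(str2, keyPair);
            PKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(new X500Principal(str2), keyPair.getPublic());
            if (this.l != 0) {
                KeyUsage keyUsage = new KeyUsage(this.l);
                com.sophos.smsec.core.smsectrace.c.e("SCEP", "enroll certifcate with key usage: " + keyUsage.toString());
                // NOTE(review): key usage is added as a bare CSR attribute keyed by the extension
                // OID, not inside the pkcs-9 extensionRequest attribute; confirm the CA honors it.
                csrBuilder.addAttribute(Extension.keyUsage, keyUsage);
            }
            csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, new DERPrintableString(str));
            a(csrBuilder);
            return this.f10159a.b(selfSigned, keyPair.getPrivate(), csrBuilder.build(new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate())), this.f10165g);
        } catch (ClientException e2) {
            throw new ScepException(e2);
        } catch (TransactionException e3) {
            throw new ScepException(e3);
        } catch (Exception e4) {
            throw new ScepException(e4);
        } finally {
            try {
                j(previousLocale);
            } catch (RuntimeException restoreFailure) {
                // Do not let a failed restore hide the enrollment result or its exception.
                com.sophos.smsec.core.smsectrace.c.j("SCEP", "cannot restore default locale.", restoreFailure);
            }
        }
    }

    /** Returns the statically registered {@code a} instance, or null if none was set. */
    public static a f() {
        return n;
    }

    /** Registers the static {@code a} instance returned by {@link #f()}. */
    public static void h(a aVar) {
        n = aVar;
    }

    /**
     * On API level 23 and below, sets the JVM default locale and the app resources' locale.
     * Does nothing on newer API levels.
     *
     * <p>This is a process-wide change that other threads can observe while it is in effect.
     */
    private void j(Locale locale) {
        if (Build.VERSION.SDK_INT > 23) {
            return;
        }
        Locale.setDefault(locale);
        Resources resources = this.f10164f.getResources();
        Configuration configuration = resources.getConfiguration();
        configuration.setLocale(locale);
        resources.updateConfiguration(configuration, resources.getDisplayMetrics());
    }

    /**
     * Creates a self-signed X.509 v3 certificate for {@code keyPair}, valid from one day before
     * now until one day after now, with the current time in milliseconds as serial number.
     *
     * @param str     distinguished name used as both issuer and subject
     * @param keyPair key pair to certify; its private key signs the certificate
     * @return the self-signed certificate
     */
    public X509Certificate b(String str, KeyPair keyPair) throws InvalidKeyException, SignatureException, OperatorCreationException, IOException, CertificateException {
        // One provider instance is enough for registration, signing and conversion.
        BouncyCastleProvider provider = new BouncyCastleProvider();
        Security.addProvider(provider);
        Calendar notBefore = Calendar.getInstance();
        notBefore.add(Calendar.DAY_OF_MONTH, -1);
        Calendar notAfter = Calendar.getInstance();
        notAfter.add(Calendar.DAY_OF_MONTH, 1);
        X500Name name = new X500Name(str);
        X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
                name,
                BigInteger.valueOf(System.currentTimeMillis()),
                notBefore.getTime(),
                notAfter.getTime(),
                Locale.getDefault(),
                name,
                SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
        return new JcaX509CertificateConverter()
                .setProvider(provider)
                .getCertificate(certBuilder.build(
                        new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(provider).build(keyPair.getPrivate())));
    }

    /**
     * Creates the jscep client for the configured server URL. Must be called before
     * {@link #d(String)}.
     *
     * <p>NOTE(review): the callback handler wraps {@code org.jscep.client.f.b}, whose obfuscated
     * name hides which certificate verifier it is. If it accepts any CA certificate, the SCEP
     * server is unauthenticated and a network attacker could answer the enrollment; confirm that
     * the verifier pins or otherwise validates the CA certificate.
     *
     * @throws ScepException if the configured URL is malformed
     */
    public void c() throws ScepException {
        try {
            this.f10159a = new org.jscep.client.b(new URL(this.f10160b), new org.jscep.client.c(new org.jscep.client.f.b()));
        } catch (MalformedURLException e2) {
            throw new ScepException(e2);
        }
    }

    /**
     * Runs a full enrollment: generates a key pair, requests a certificate and, when the result
     * reports success, passes the returned certificate store and the private key to the sibling
     * class {@code c}.
     *
     * @param str SCEP challenge password
     * @return the result's {@code b()} flag, or false if no result was returned
     * @throws ScepException if {@link #c()} was not called first or enrollment fails
     */
    public boolean d(String str) throws ScepException {
        if (this.f10159a == null) {
            throw new ScepException("No connect called!");
        }
        // NOTE(review): CN and O are inserted into the DN string without escaping. A value that
        // contains ',', '+', '=' or similar changes the parsed subject; confirm both values come
        // from a trusted source or are validated before they reach this class.
        String subject = String.format("CN=%s, O=%s", this.f10161c, this.f10162d);
        KeyPair keyPair = g();
        d result = e(str, subject, keyPair);
        if (result == null) {
            return false;
        }
        if (result.b()) {
            // NOTE(review): how the private key is stored is decided inside class `c`, which is
            // not visible here; confirm it ends up in hardware-backed or otherwise protected storage.
            new c(this.f10164f, this.f10161c, this.f10162d, this.f10163e).i(result.a(), keyPair.getPrivate());
        }
        return result.b();
    }

    /**
     * Generates a new RSA key pair with a modulus of {@code m} bits (2048 by default) using the
     * platform's default {@code KeyPairGenerator} provider.
     *
     * @throws ScepException wrapping any failure from the key generator
     */
    public KeyPair g() throws ScepException {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(this.m);
            return keyPairGenerator.genKeyPair();
        } catch (Exception e2) {
            throw new ScepException(e2);
        }
    }

    /**
     * Sets the key usage bit mask requested in the CSR; 0 disables the key usage attribute.
     *
     * @param i2 bit mask in the encoding used by BouncyCastle's {@code KeyUsage}
     */
    public void i(int i2) {
        this.l = i2;
    }
}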
